- ci: Provide source directory path for script execution
- kernel: Install uncompressed kernel by Image instead of vmlinux on arm64
- ACPI: Always build evged in for experimental kernel
- obs: Update obs packages for ppc64le
- scripts: enable libpmem only for x86_64
- scripts/qemu: enable libpmem
- release: Remove release docs
- test: Test for kata-containers packages on Fedora 31
- obs: Remove obs packages and testing for ubuntu 19.04 and fedora 29
- kernel: enable BPF to support libcontainer's cgroups V2 implementation
- kata-deploy: improve logic for crio.conf runtime additions
- yq: Use install_yq.sh script from tests repository
f599c8e kernel: Install uncompressed kernel by Image instead of vmlinux on arm64
c3949fd ACPI: Always build evged in for experimental kernel
83a69de scripts: enable libpmem only for x86_64
aad1e0e obs: Update obs packages for ppc64le
c0d45d8 scripts/qemu: enable libpmem
acf5b91 release: Remove release docs
3418d40 build: Enclose source dir for script execution
ac0d569 kernel: enable BPF to support libcontainer's cgroups V2 implementation
d7c2a38 obs: Remove obs packages and testing for ubuntu 19.04 and fedora 29
c8c3e46 test: Test for kata-containers packages on Fedora 31
43ab57f yq: Use install_yq.sh script from tests repository
cd6d364 kata-deploy: improve logic for crio.conf runtime additions
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
- scripts: set a default path to the yq binary
- AArch64: Build rust image on aarch64
- image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
- rootfs: Don't overwrite /sbin/init if it already exists
- tests: Improve running test_images.sh locally
1c063af scripts: set a default path to the yq binary
67343a1 rust-agent: Separate the build up of rust-agent and go-agent
a390a36 rootfs: remove RUST_SRC_PATH
41aaa36 ubuntu/debian: create aarch64-specific Dockerfile.in
9cba8c4 musl: install musl on aarch64
87a5d5c rootfs: Don't overwrite /sbin/init if it already exists
4004bd8 image-builder: Add NSDAX_BIN for passing in compiled nsdax tool
134175b tests: Document the changed KATA_DEV_MODE behavior
0f4eac4 tests: Skip initrd/image launch if KATA_DEV_MODE
762ec28 tests: Drop kata-runtime env validation if KATA_DEV_MODE is set
6f17b9c tests: Skip set_runtime if KATA_DEV_MODE is set
17a8fb1 tests: Skip all kata-manager usage if KATA_DEV_MODE is set
e787bb0 tests: Define KATA_DEV_MODE
cef2591 tests: Rework dracut docker bind mounts
f3ab6d2 tests: Don't run commands with `chronic` if DEBUG is set
7a8e816 tests: Specify DRACUT_OVERLAY_DIR
7dd99c0 tests: Add project_dir helper variable
1ae3922 tests: Have DEBUG=1 set bash xtrace
555ddf3 tests: Remove unused USE_DOCKER export
0e6a12c tests: Pass DOCKER_RUNTIME to osbuilder scripts
e8624d8 tests: Rename docker_build_runtime -> DOCKER_RUNTIME
cd46d09 tests: Remove hardcoded 'runc' reference
c574ec0 tests: Remove dead unset images_dir check
44f2931 tests: Remove unused test_func_prefix
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
- actions: Add verbose information
- systemd-service: build rust-agent systemd services
- grpc: fix the issue of crash agent when didn't find the process
cd233c0 actions: Add verbose information
f0eaeac path-absolutize: version update
3136712 systemd-service: build rust-agent systemd services
289d617 grpc: fix the issue of crash agent when didn't find the process
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It explains the details of current supported annotations.
Fixes: #486Fixes: #294
Depends-on: github.com/kata-containers/tests#2240
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Our CLH driver in kata defines its own constant variable 'maxClhVcpus'
which can conflict with the maximum number of vCPUs specified from the
kata configuration file 'clh.config.DefaultMaxVCPUs'. As the value from
kata configuration file is preferred anyway and the code on 'maxClhVcpus'
is not being used. We'd better remove it for better readability and
avoiding further confusions.
Fixes: #2528
Signed-off-by: Bo Chen <chen.bo@intel.com>
Use the path where `install-yq.sh` installs `yq` as the default path to the
`yq` binary in `lib.sh`.
Install `yq` in the default path if it doesn't exist.
fixes#429
Signed-off-by: Julio Montes <julio.montes@intel.com>
Kata-runtime can append vhost-user-blk device to the
device list of a container. And handle volumes who is
a block device and in VhostUserBlk type.
The vhost-user-blk device will be identified by its
PCI address by Kata-agent inside VM.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Reserved number of Linux device number 241 and 242
are used to identify vhost-user-blk and vhost-user-scsi
devices.
for example, after command:
mknod <Vhost-User-Dir>/block/devices/vhost-dev0 b 241 0
this node will be recognized as vhost-user-blk device.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Two parameters are used to set in toml file:
1. Set "enable_vhost_user_store = true" to indicate
that vhost-user storage device feature is enabled.
2. Set "vhost_user_store_path = <Vhost-User-Dir>".
vhost-user socket files will be under
"<Vhost-User-Dir>/block/sockets/"; and device node
for vhost-user device will be under
"<Vhost-User-Dir>/block/devices/"
The default value of "vhost_user_store_path" is
"/var/run/kata-containers/vhost-user/".
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
set rootfstype=ext4 to make kernel not do print errros like:
```
Mount option "data=ordered" incompatible with ext2
```
Depends-on: github.com/kata-containers/tests#2377
Fixes: #2524
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes#2467
Signed-off-by: Alex Price <aprice@atlassian.com>
The QAT instructions was broken after moving to a newer 4.19 kernel. Now
that the new 5.4 kernel is out, these instructions fix that.
Fixes#612
Signed-off-by: eric.adams@intel.com
shimv2/containerd logs are placed and formatted differently than for
kata CRI-O. Add some details to the Fluentd parsing document to aid
in parsing those.
Fixes: #610
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Set the katautils default log level to 'Warn', rather than 'Info',
as 'Info' is rather noisy.
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Set the default log level explicitly to 'Warn', rather than taking
the logrus default (which is normally 'Info').
Fixes: #2522
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
The shimv2 runtime logs slightly differently - let's clarify
that in the existing OCI/CRI-O only runtime section.
Fixes: #2520
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Separate the build up of rust-agent and go-agent, hence you only
select one as kata-agent.
I've added the generation of rust-agent systemd service files into
rust-agent Makefile.
Therefore, we could use same `make` commands to build go-agent and
rust-agent.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
If user wants to use customized rust-agent, they could use
AGENT_SOURCE_BIN to pass the static binary.
The rust-agent is always statically linked with musl.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The musl package in ubuntu/debian could not provide everything we need
on aarch64.
e.g. we need `aarch64-linux-musl-gcc` as linker, and it's not provided
in package.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
The original musl-installing method is only for x86_64 and i386(see
musl config.mak template file).
musl.cc provides small and reliable pre-built musl toolchains
for many architectures.
Static so they run on supported platforms without dependencies.
Fixes: #411
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
PIE (position-independent executables) does good to security.
For some historical reason(compliation failure), it was disabled. But it
can be supported now on aarch64.
Fixes#926
Signed-off-by: Jia He <justin.he@arm.com>
Currently arm64 kata uses 3.0 qemu version. Hence aarch64 can't use some
--disable configure options between [3.1, 4.0].
Besides, due to upstream qemu bug about --disable-replication, still
enable the replication on aarch64 for qemu 3.0. Please refer to the
commit 3ebb9c4f52 ("migration/colo.c: Fix compilation issue when disable
replication")
Fixes#926
Signed-off-by: Jia He <justin.he@arm.com>
Qemu commit 315d318 uses built-in UUID implementation, hence we can't
disable uuid. This option is for generic arch, not only for aarch64.
Otherwise there is a warning during configure:
configure: --disable-uuid is obsolete, UUID support is always built
Fixes#926
Signed-off-by: Jia He <justin.he@arm.com>
Previously, it misses to add the --disable-xen for reducing qemu size
on aarch64. This patch add disable-xen on all arches, hence the case
switch is removed.
Fixes#926
Signed-off-by: Jia He <justin.he@arm.com>
Remove the rootfs bind dest and finally remove the created share
directory when stopping the container.
Fixes#2516
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
vmlinux on arm64
arm64 does not use vmlinux to boot, Image is used instead.
Otherwise, kata can't boot from vmlinux.container
Besides, given that firecracker only supports booting from Image,
don't set vmlinux for firecracker target
Fixes#930
Signed-off-by: Jia He <justin.he@arm.com>
With the HTTP API 'vm.resize()', the CPU hotplug with CLH is much simpler
comparing with QEMU. This is because we don't need to distinguish adding from
removing CPUs.
Fixes: #2495
Depends-on: github.com/kata-containers/packaging#968
Depends-on: github.com/kata-containers/tests#2364
Signed-off-by: Bo Chen <chen.bo@intel.com>
The prepare_overlay() code path is called when rootfs.sh is invoked
with no passed in distro string. This is used for the dracut case
from the Makefile for example. In that particular case, the starting
root directory is empty.
It's also valid to pass a prepopulated directory to rootfs.sh, which
is essentially a request for the script to just make the necessary
kata changes. Currently though prepare_overlay() makes some changes
that could wipe out pre-arranged /sbin/init setup.
Check first to see if /sbin/init exists in the rootfs dir, and if so,
skip the symlink changes
Fixes: #419
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Let's change the kata-deploy github action trigger from:
'/test kata-deploy'
to
'/test-kata-deploy'
which will hopefully reduce the number of false triggers caused when
we issue the 'normal' CI runs that are triggered by other
'/test xxxx' phrases.
Fixes: #971
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Nothing inherently requires root here. If the ROOTFS_DIR is only
root accessible then the operation may fail, but better IMO to let
that fail naturally
Fixes: #422
Signed-off-by: Cole Robinson <crobinso@redhat.com>
